package com.dhcc.bpm.common.utils;

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

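/**
 * Helper for sanitizing user-supplied rich text (HTML) before it is stored or rendered.
 *
 * <p>Sanitization is delegated to jsoup's allow-list cleaner. This class only selects the
 * policy and logs the start and end of each call.
 */
public class SafeHtmlUtils {

  private static final Logger log = LoggerFactory.getLogger(SafeHtmlUtils.class);

  /**
   * Sanitizes an HTML fragment against jsoup's {@code Whitelist.relaxed()} policy.
   *
   * <p>Markup that the policy does not allow is removed by {@code Jsoup.clean}. The result is
   * meant to be placed in an HTML body context. It is not escaped for use inside an attribute
   * value, a script block or a URL, so callers writing into those contexts still need
   * context-specific encoding.
   *
   * <p>No base URI is passed to jsoup, so relative {@code href}/{@code src} values cannot be
   * resolved against an allowed protocol and are expected to be dropped from the output.
   *
   * @param html untrusted HTML fragment; may be {@code null}
   * @return the sanitized fragment, or {@code null} when {@code html} is {@code null}
   */
  public static String getSafeHtml(String html) {
    // Jsoup.clean does not accept null input; treat "no content" as nothing to sanitize
    // instead of failing the caller's request.
    if (html == null) {
      return null;
    }

    log.info("开始对富文本进行处理，消除xss隐患。");

    // XSS defence: keep only the elements and attributes in the allow-list.
    // relaxed() is jsoup's most permissive built-in policy (links, images, tables, ...).
    // NOTE(review): newer jsoup releases rename Whitelist to Safelist - confirm the pinned version.
    Whitelist whitelist = Whitelist.relaxed();

    // Further allow-list customisation goes here. relaxed() does not enforce rel="nofollow" on
    // links; whitelist.addEnforcedAttribute("a", "rel", "nofollow") adds it if required.

    // Produce the sanitized HTML.
    String safeHtml = Jsoup.clean(html, whitelist);
    log.info("完成对富文本进行处理。");
    return safeHtml;
  }
}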
